RSARhosts / Hostbased auth and euid=0 requirement
Markus Friedl
markus at openbsd.org
Thu May 23 18:33:04 EST 2002
On Tue, May 08, 2001 at 04:03:16PM -0700, Carson Gaspar wrote:
> >however, i think about moving the client side of
> >hostbased authentication out of ssh, to a setuid binary
> > /usr/libexec/ssh-keysign
> >and remove the sbit from ssh.
> >ssh-keysign will read the hostkeys and generate a valid
> >signature.
>
> Great. Is this going to be implemented anytime soon? If so, I withdraw my
> suggestion. If not, please lets get a stop-gap solution in place quickly.
here's an experimental patch (against OpenBSD's cvs):
http://wwwcip.informatik.uni-erlangen.de/user/msfriedl/openssh/ssh-keysign.dif
More information about the openssh-unix-dev
mailing list